Thursday, December 9, 2010

A group calling itself "Anonymous" has claimed responsibility for a series of recent attacks on sites they think are cooperating in the attempt to bring down Wikileaks. I think these actions are ill advised to be charitable, and distract from the real issues in the debate surrounding Wikileaks.

The tactic employed by Anonymous and others is called "Distributed Denial Of Service" (DDOS). It involves hijacking hundreds or thousands of computers and using them to overwhelm an Internet site by bombarding it with traffic. There are technical means that can overcome them, but I think the interesting thing about such attacks is how they cut squarely against the kind of transparency Wikileaks says it aims for. DDOS attacks are the moral equivalent of shouting down an opponent at a town meeting, except the effect is global, not local. The argument that they are responding to similar tactics by the friends of the US Government is the same one that has been used to justify mass slaughter throughout human history. That argument is as morally bankrupt as the actions it seeks to justify. I would be perfectly happy to hear that the government had busted one or two of these slime mold samples.

However I'm under no illusions that would actually change anything. The nature of the Internet guarantees people with any motivation whatsoever will have the tools needed to get their message across. Although hacker gangs, criminal cartels and repressive governments all employ tools to stifle the free flow of information these are ineffective in view of the technology and politics of the Internet.

At the technical level, the Internet more or less treats everyone's data in the same way. Traffic on the Internet comes tagged with technical service information, (e.g. web traffic versus video versus voice calls,) and where the traffic originated and where it is bound. What the network knows nothing about is the meaning of the information that flows through its infrastructure. You can "tap" the flow of data through a particular point, but there are other technical problems with that, beginning with the fact that a lot of the Web's traffic is protected by encryption.

At the political level, pressure can be exerted against companies or individuals that might provide services to a site a government might object to. Apparently under pressure from the US Government, several US companies that were providing crucial services to to Wikileaks withdrew that support. Wikileaks was "off the air" for a couple of days, but then returned, having found providers for all the missing services. For now at least, they have adapted to the pressure applied to them, and continue to release the diplomatic documents in their possession on the installment plan.

But even if it were possible to kick every prop out from under Wikileaks, the effort to surpress the organization's ability to continue publishing secrets would fail. Any website can be copied and made available elsewhere on the Internet. The process is called "mirroring." As of December 9, 2010, Wikileaks claims to have nearly 1,400 such mirrors operating. Recall that the infrastructure of the Internet doesn't know about content, so it will happily transfer any information from any site. The original information source may die, but the information itself lives on on myriad sites, each of which a prospective censor would have to take down in order to achieve its aims. Couple that with strong anonymity, meaning that mirrors can be operated by people whose identities remain protected, and it's game over for the party trying to surpress information on the Internet. These tactics have been used to overcome censorship imposed by repressive regimes, such as China. They are just as effective when used against the current effort to censor the web.

The criminal tactics of Anonymous are despicable and deplorable, but trying to connect them to Wikileaks is either cynical propaganda or misinformed punditry. Against the background of technical and political realities of the Internet I just described, I believe that Wikileaks doesn't need criminal attacks like those we have seen in order to survive. Engaging in that sort of thing would do nothing but detract from Wikileaks achieving its aims, and if there is one thing that is clear in this situation, it's that Julian Assange puts those aims ahead of any other concern.

Sunday, May 23, 2010

I still can't believe that exposing a candidate's weaknesses can be successfully attacked as "gotcha politics." But here's Sarah Palin trying to use the same old double-speak to defend Rand Paul.

"One thing that we can learn in this lesson that I have learned and Rand Paul is learning now is don't assume that you can engage in a hypothetical discussion about constitutional impacts with a reporter or a media personality who has an agenda, who may be prejudiced before they even get into the interview in regards to what your answer may be -- and then the opportunity that they seize to get you."

The main problem with this defense is that Sarah’s embarrassment arose from exposing her boneheaded ignorance and stupidity over and over and over on national TV. Katie Couric may have suspected that Sarah Palin was politically illiterate, but exposing that fact was a public service. A free press is supposed to do that sort of thing. On the other hand, Rand Paul has expressed a well thought out but wrong headed opinion. He has also been pounced on by the press for this, but once again, the media has made a judgment that Paul's philosophical opposition to one cornerstone of the 1964 civil rights act is newsworthy. How can you argue with that? At least Paul's opinion is not born of abyssal ignorance, parochial isolation and innate feeble mindedness.

Going only on his decision to cancel an appearance on Meet the Press, it seems possible Rand Paul might try to retreat from the national spotlight to preserve his political chances in KY without compromising his principles. Sarah Palin doesn’t have to do this, because she allows her principles to be carefully vetted, and modified as needed. She also has gotten better at the twin arts of prevarication and misdirection, and employs them freely at the rare unscripted events she attends.

It’s not like she’s worse in this regard than many another politician on the national stage, but in her case, we’ve had a good look at the noodle head under the constructed political image. Rand Paul is not a noodle head. He’s an idealistic libertarian with a touching faith in private enterprise. Whether he will allow himself to be transformed into a nationally saleable product like Sarah Palin remains to be seen.

Wednesday, April 14, 2010

I've been gaining ground psychologically for the last two months. I had a severe panic attack about that long ago that seems to have shocked me out of my depression. I still suffer from obsessively negative thinking, but I now have the ability to short circuit these thoughts with cognitive techniques, and it has become less and less troublesome. As my mind has cleared, I've started seeing some obvious roadblocks that obsessive thinking leads me to put in my way.

One aspect of this is obsessive perfectionism. For example, before 2009, I found it impossible to write songs. I could write tunes, and sometimes some verse, but I could never allow myself to compromise one for the other, and one or the other was never good enough. That changed in 2009, after my surgery. I think that the limitations that I had to deal with then made compromise essential in many areas of my life. One manifestation of this was that I was able to write a song. I wrote a little verse with a particular meter. I pulled an old tune out of a dusty inner bookshelf and tried to squeeze the two together. They didn't fit so well. So I modified the tune to match the new meter, but the words still didn't fit. So I tweaked the words a bit. Going back and forth I was successful in writing a complete song. And compromising on the meter, melody and syntax allowed me to hold on to what I really found important: the meaning of the whole ensemble. That was a minor triumph for me. But the general pattern of refusing to compromise on details to achieve of an overall goal still stops me from completing stuff I really want to do. Lately, my awareness of this problem has allowed me to avoid it several times. That feels good.

A second way my obsessive thinking bites me is in the matter of details. A friend on Second Life is working in a start up company. Yesterday, he complained about being interrupted by some corporate trivia while he was 5000 levels deep in some complicated code. It reminded me of when I used to do that sort of thing. Systems design, engineering and coding all demand a huge amount of concentration, and the ability to track one or more chains of details down to great depth. In my case, obsessive tendencies really helped me do that kind of work. I can't do it so well anymore, but I still tend to chase stuff "down a rabbit hole." (Or a "rat hole," depending.) When I was working, I had colleagues that helped pull me back up to the surface when I was in danger of drowning in minutiae. I now find that heading for the depths in isolation is a really effective barrier to progress.

Reducing the impact of just those two obsessive patterns has yielded good results. My frustration level is way down, not only because I beat my head against problems less, but because I get results! Second, the results become springboards for further progress. One example of this is an insight I had regarding loneliness.

I've isolated myself for many years, and I tend to lump the angst from that under the single heading of "loneliness." But demanding less of myself, and especially of others, has let me see things differently. I had a brainstorm the other day that the cure for loneliness was to help other lonely people. This is a simple idea, not at all novel, but one that had immediate utility for me. In the past, I would have spun dreams around how to do this simple thing. I'd keep that up until rat hole diving or unwillingness to compromise, or some other roadblock stopped me. But this time, I started thinking in a more practical way. In order to help someone with loneliness, I needed to think about loneliness actually meant to me. I discovered that, in my case, it has at least four components. I decided that I am

Lonely. I narrowed this term down to lacking human contact.

Bored. Relying solely on my own resources for stimulation and entertainment has strict limits.

Lovelorn. I haven't had a loving relationship for 13 years

Sex starved. I haven't had a good hug and kiss, let alone any sex in the same length of time.

Taken altogether, with an obsessive focus on myself, these three components merge into a big, impenetrable ball of wax. But since I was thinking of them in the context of helping someone else, I could view them separately, and somewhat more dispassionately. This led to the immediate realization that number 1 isn't actually a problem for me! I talk to friends on a daily basis, on the phone, via SL or Facebook. That my contacts aren't face to face doesn't actually matter from the standpoint of loneliness. This also helps a lot with boredom, though I could always use more interesting things to do. So thinking about how to help other lonely people led me to an immediate cure of my own loneliness, via the realization that I was a lot less lonely than I thought.

Regarding the last two, I got some clarity on the commonplace notion that sex and love aren't the same thing. They are separate problems that I insist on treating as one. It's possible to solve one without the other, though they can work together. I think my monolithic thinking has been a roadblock. I want fall in love with anyone I have sex with. A woman interested in one or the other might be put off by my presenting an insistence on both. Also, my long self imposed deprivation leads me to put a huge spin on that ball when meeting women. Third, isolation does make it harder to make either sort of contact. I haven't solved these problems, but I feel I've made some progress in my thinking about them.

I always liked the old AA slogan "progress, not perfection," because it was so apt for me. I'm not satisfied with my current situation regarding any of these problems. The big difference is that I'm not getting sidetracked or stopped by my thinking about them. I'm making real progress.

Tuesday, April 6, 2010

I am working through grief over my situation. I looked up the five stages of grief just now, and I'm puzzled. I seem to have gone right to the depression stage, skipping over denial, anger and bargaining. It's tricky for me because I'm chronically depressed anyway. But I think I can rationalize skipping the first three steps.

Denial: I have had a morbid imagination from my early days. It has gotten to be more of a problem later in my life. The point is I'm all too willing to believe that catastrophe awaits me in the near future. Now I have a solid basis for that worry, I'm not surprised that I believed the threat immediately.

Anger: I've had problems with anger in the past. Anger at my ex-wife, my family, my friends. One of the reasons I have isolated myself is to avoid hurting myself and others with my anger. So my reflex is to suppress angry feelings. Lately, I've lost the luxury of getting angry: it makes me very ill. Also, the question arises: who should I be angry at? On the other hand maybe that's where the denial comes in. I'm not denying my mortality risk, but maybe I am denying my anger at the situation.

Bargaining: with who? I have seen miracles, but they have been of the nature of unexpected and unaccountable kindness and forgiveness. I think these could have a naturalistic explanation without diminishing their significance. I'm agnostic in my religious beliefs. I'm dubious about appealing to a supernatural entity for deliverance from the common fate of mankind, even if I think it's coming too soon in my case.

What really bothers me is the idea that I will die without love. That gets me weeping every time I think about it. I don't know how to escape that fate. I haven't had a good hug in 13 years and I feel very, very sorry for myself about it. Aside from gradually losing my capacity to have sex, I feel like I'm losing the stamina to reach out to others. That makes it hard to move on to acceptance.

I don't know, maybe I'll pull a Dylan Thomas at the end. (The rage part, not the drunken death in a gutter.)

My congestive heart failure diagnoses is pretty serious. My doctor tells me I have even odds at being alive after two years. It's 25% mortality chance for the coming 12 months, 50% for years one and two together, I can't make this work out with basic random probability, so I assume the numbers are based on empirical measurement. I didn't ask about years following. He also mentioned that he has never personally referred a patient for heart transplant surgery. I asked if that could offer me some hope, and he shrugged. He said they wouldn't put me on the list now because I was too healthy. He also said I was between three and four on the four level scale of cardiac disability, with one being normal and four being unable to leave bed. I suppose I have to be all the way into four to be considered for a heart transplant. Some good news in the mix it would seem. He said there are two ways I could die from this. First, ventricular fibrillation could kill me. I'm protected with the defibrillator, but he said the heart might not respond. The device would shock me 10 times or so before the battery went out, then pffft. The other, more likely way would be simply by progression of the CHF. That would involve drowning essentially. I've felt fluid rising in my lungs, so I have a glimmer of what that would be like.

So that stuff has me spinning pretty good. I have been terrified of dying ever since my heart attack, often to the point of morbid obsession. It's a hard slog keeping my mind out of obsessive pathways that have me imagining death from some absurd cause, happening next week sometime. When my depression is bad, I find it impossible to break free of those thoughts. I do better when I'm not depressed, which has been the case for 6 weeks now. Now that I have a concrete threat to my life to consider, I'm not sure how it will play out during the next downturn in my mood.

In some ways, the prognosis takes pressure off me. I can stop worrying as much about small stuff. It even seems like I've found a pool of courage to face some problems that have plagued me most of my life.

I'm lonely. I haven't had a lover in 13 years, since my divorce. I don't have anyone I feel comfortable enough to talk about this stuff with. I find it hard to feel love from my friends. It's possible that's the major problem right there. That, and the belief that love will always go away. I think I can't do it, or that I don't deserve it. It's easier for me to see what bullshit that all is now. But I'm still isolated in my apartment. I don't know where to go to change my luck. I need so much to have a woman's arms around me, a woman's open heart and practical mind.

I'm working on music, and that gives me some joy and satisfaction. But I get no feedback on it. I want approval but I'd settle for criticism. What I have is a big hole. My friends don't seem interested by and large. I post things on Facebook and watch my web server logs. Nothing.

If my insurance will pay, I'll be going to cardiac rehab next week. Perhaps that will give me a chance to make new friends. I can always flirt with the nurses. (I love nurses. :)

Thursday, April 1, 2010

An article in the Financial Times reports on Google's confused response to China blocking its Chinese search engine. The article claims that ".. Google is struggling to understand what is going on." That's an interesting story, but the article goes on to list criticism of Google in a rather confused way.

FT quotes several observers in China to the effect that Google bit off more than it could chew in confronting Beijing. A "founder of a social networking services website" says that “Google has met its match in the Chinese government.” One competitor is quoted as saying that "Google’s move smacks of hubris."

The article goes on to quote "a US security expert" as saying that Google shouldn't have linked the censorship and cyber attack issues. The source complains that "we may not like the fact that China censors, but they are not going to discuss that with us," and "if we want to fight hacking, we need to talk about hacking and hacking only.” This sounds like an opinion from the US State Department, and makes perfect sense from that point of view.

The confusion arises from not considering Google's history on this matter. It has been widely reported that Sergey Brin, a co-founder of Google who was born in the Soviet Union, was initially opposed to Google's entry to the Chinese market because of objections to censorship. We also hear that this argument wasn't enough to carry the day back in 2006, and that Mr Brin went along with the move under the premise that Google could provide more information to Chinese users, and that was better than less information. (That sounds like a rationalization papering over conviction to me. I recognize that sort of thinking from the compromises I made working in the corporate world.) Finally, Mr Brin is quoted as saying that the cyber attacks were ".. the straw that broke the camel's back." (You can google all of this, so I won't provide references. The last one appears in the referenced article however.)

Mulling that over, and reading the article in the WSJ about the decision making around Google's policy change toward China, it's clear that the attacks gave Mr. Brin and others within Google the leverage to change a policy they were unhappy with for many reasons, but importantly, on moral grounds.

So that was the link between the censorship and cyber attack issues. From a US foreign policy perspective the linkage is not helpful, and not only for the reasons stated in the FT article. The consequences of Google pushing an issue that Beijing isn't going to listen to may include losing their Chinese business, but the decision is unlikely to lead to war. Governments must be more circumspect.

From a business perspective, the decision is puzzling because it cuts against Google's long term business interests. Business analysts and investment advisers just don't buy the story that Google did this to uphold the principle of an unfettered Internet. They are free to buy whatever they want, in a rational self interested way no doubt, but they are wrong. And pardon me, but the "hubris" criticism smacks of ingratiating Chinese authorities. The slam comes from a company that, along with practically every other business from nominally free countries, fully intends to cooperate in painting black ink over Internet sites that annoy an authoritarian Chinese regime. There's also the fact that short term, this move isn't going to have much of an impact on Google's bottom line, the China business wasn't yielding a lot of profit.

Summing up, I think Google isn't confused about China. They may be foolish for putting principle first, but they have my admiration for the decision.

The recent Chilean earthquake shifted the axis byapproximately three inches and shortened the lengthof a day by 1.26 microseconds. According to NASA's JetPropulsion Laboratory the displacement of Earth's axiswill cause natural disasters on the Eastern coast ofthe USA including Florida, Georgia, South and NorthCarolina.______________________

In this connection the DHS has made a decision to prepare forgeneral evacuation from the specified area. The population ofthe region should be ready for evacuation. It is necessarycollect valuable possessions, documents, things of firstnecessity, and wait for the announcement.

In order to prevent panic among the population DHS asks tostay calm and follow the official instructions listed below:

(Links to sites that tell you what to do with your valuable possessions omitted.)

Tuesday, February 16, 2010

After 10 years of being serious about security, why does Windows still suck?

On January 12, 2010, Google announced via a blog posting that it had been the victim of a targeted, large scale, serious and successful set of Internet based attacks. The same blog posting also revealed that similar attacks had been successfully carried out against "at least 20" other companies. Underlying the "Aurora" attacks was a vulnerability in Internet Explorer that allowed remote code execution. The hole, CVE-2010-0249 had apparently been known to Microsoft for five months before the Aurora attacks were made public. Microsoft released security advisory 979352 to address the vulnerability two days later, on January 14th. Why did this problem go so long without being addressed by Microsoft? Why is Windows still vulnerable to these sorts of problems after 15 years of a commercialized Internet?

No Dummies

I doubt Microsoft is holding back creating the most secure and stable operating system on Earth because they are too dumb to know what that would look like. Microsoft hires brilliant engineers. I think they would deliver on security and stability if they could. But I think those folks are hampered in building a better quality OS for two main reasons.

Legacy

First, there's still a mile high rotting pile of stinking fish and compost bearing down on those engineers. This is the legacy of an earlier Microsoft that didn't understand that a network was more than a way to print and share files. The rot pile was thickened by a long series of marketing decisions that ignored stability and security in favor of short term market advantage. (In other words, they may have gotten a clue about networks and security, but management didn't care.) Since about 2000, Microsoft has been trying to undo the damage their first two decades wrought on the pockmarked face of the PC industry. They have had mixed success. Knocking DOS on the head helped. They also released a series of increasingly stable versions of NT with Win2K and XP plus service packs. But we all know how successful those were in the face of a rising tide of cybercrime, espionage and hooliganism through the first decade of the 21st century. Important advances were made with Windows Vista, but the disaster that occurred with that OS was partly due to those very changes, underscoring the difficulties Microsoft still faces trying to overcome its legacy. Windows 7 is a better try, but has still has problems. It is still a (growing) piece of the biggest virus target in the universe. And it it is still a relatively soft target too. The applications running on top of Windows frequently fall victim, even if the core OS doesn't. In the Aurora case, the hole was in multiple versions of Internet Explorer, including IE8 on Windows 7.

Too Much Success

So that's the legacy problem. The second big issue is that trying to appease thousands of interest groups around Windows is very, very hard. Hardware and (especially) software vendors deliver solutions that vary in quality to an absurd degree. Windows, the biggest software market on Earth, welcomes this menagerie. Architectural improvements in development technologies like .net and the CLR help some, but they are no panacea. Another challenge for Microsoft is the relatively open Wintel hardware platform. Wintel isn't open in the sense that open source software is, but it's accessible to most companies wanting to design hardware to fit in, so many do just that. But drivers for the hundreds of thousands of hardware offerings for Wintel are an important source of Windows insecurity and (especially) instability. Altogether, these partners make demands on Microsoft that are no doubt hard to reconcile. But the real problem is that making changes to the OS, such as patches to security holes, is very, very, very hard. Can you imagine the testing nightmare that Microsoft must face when confronted with a tricky security hole? But that still doesn't excuse the more egregious examples of neglect, such as the Aurora fiasco.

Other Platforms

Other operating systems exist for PCs. They are in the minority, and so enjoy less intense scrutiny from the low-life scum that write malware and crack systems. But that's not the only advantage these alternatives have. Gnu/Linux and MacOS have an easier time with all this partly because they aren't saddled with a bad legacy. MacOS also has the advantage that the hardware platform is closely coupled to the OS, reducing or eliminating an important source of instability. The Linux kernel lacks this advantage, but shares with MacOS a set of rational architectures descended from its Unix forebears, and a commitment to security and stability. The Linux kernel adds transparent development to its list of advantages over Windows. The kernel team can turn on a dime with security problems because of good architectures, and because security and stability come first for them. Gnu/Linux applications vary widely in quality in this regard, but again, the Unix derived architectures mitigate most of the problems with bad apps.

Who is Hurting?

Microsoft faces a unique set of challenges that their current success and questionable legacy place on them. Though I often applaud people making money from imagination, after three decades of watching the clowns in Redmond, I have to say that the problems couldn't happen to a nicer bunch. But my glee at seeing the carrion crows coming home to roost on the house that Gates built is tempered by concern for the hundreds of millions of users of Microsoft software. So on balance, I wish the current group good luck in taming the hydra headed beast that is Windows.